Penetration Testing Web Apps with Kali and Burp Suite
1h 55mAdvanced2022-09-29
Authors

Malcolm Shore
Cybersecurity Expert, Former Director of GCSB
Course details
Websites are one of the most vulnerable pieces of information technology, since their contents are exposed to access from the internet. By understanding how attackers locate and exploit these vulnerabilities, you can help build more secure websites and protect web applications. This course shows you how to perform advanced web testing using the tools available in Kali, the professional pen testing framework. After a brief refresher on web testing, instructor Malcolm Shore introduces some new tools for enumerating and exploiting websites. Malcom teaches you how to spider a website using Burp Suite and check for vulnerable pages, how to find hidden pages on a website, and shows how the common web technologies such as PHP, Nodejs, and ASP can be exploited. He also explains how to integrate Burp Suite and sqlmap to enable deep testing of a web site for hidden access vectors, as well as using tools like Cadaver and Jhead which attackers use to upload malware.
Skills covered
Penetration TestingCybersecurityDeep Dive (X:Y)
Concepts
0. Introduction
- 01 - Protecting your websites
- 02 - What you should know before watching this course
- 03 - Disclaimer
1. Setting Up
- 04 - Preparing the test environment
- 05 - Setting up WordPress
- 06 - Setting up Joomla
- 07 - Online testing sites
2. Refresher
- 08 - A refresher on web technology
- 09 - Refreshing your basic web testing skills
- 10 - A refresher on website shell implants
3. Advanced Website Enumeration
- 11 - Busting open a website
- 12 - Identifying virtual websites
- 13 - More ways to find web pages
4. Finding Vulnerabilities
- 14 - Vulnerability scanning with Burp Suite
- 15 - Using sqlmap to validate SQL injections
5. Attacking the Website
- 16 - Exploiting your way into the gym
- 17 - Exploiting through an ASPX shell with Cadaver
- 18 - Checking web page source
- 19 - Injecting HTML into a web page
- 20 - Exploiting tools left on websites
- 21 - Injecting SQL using Burp Suite
- 22 - Exploiting Node.js
- 23 - Injecting XML into a web page
- 24 - File access through a web application URL
6. Content Management
- 25 - Understanding CMS targets
- 26 - Getting into WordPress
- 27 - Shelling through WordPress
- 28 - Exploiting Joomla via SQL
Conclusion
- 29 - What's next
Related courses
- Ethical Hacking: Enumeration
- Android App Security: A Structured Approach to Pen Testing
- Penetration Testing Essential Training (2021)
- Penetration Testing Essential Training
- Dynamic Application Security Testing (DAST) (2019)
- Security Testing Essential Training
- Penetration Testing and Ethical Hacking
- Offensive Penetration Testing
Related learn paths
- Become a Penetration Tester
- Explore a Career in Application Security
- Become an Ethical Hacker
- Penetration Testing Professional Certificate
- Prepare for the CompTIA PenTest+ (PT0-002) Certification Exam
- Navigating the Cybersecurity Threat Landscape
- Prepare for the AWS Certified Cloud Practitioner (CLF-C01) Certification Exam
- Prepare for the ISC2 Certified Secure Software Lifecycle Professional (CSSLP) Certification